Descriptiondbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
NVD CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
SUSE informationSUSE Bugzilla entry: 364532 SUSE Security Advisories:
- SUSE-SR:2008:006, published Fri, 14 Mar 2008 15:00:00 +0000
- openSUSE-SU-2012:1418-1, published Wed, 31 Oct 2012 16:08:26 +0100 (CET)
List of released packages
|Product(s)||Fixed package version(s)||References|
|SUSE LINUX 10.1|| |